Senior DevOps Engineer - Security, Observability & Incident ResponseSAP SE • United States
Senior DevOps Engineer - Security, Observability & Incident Response
SAP SE
- United States
- United States
À propos
At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We’re builders touching over 20 industries and 80% of global commerce, and we need your unique talents to shape what’s next. The work is challenging – but it matters. You’ll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What’s in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.
Please note: This position will be based from our San Ramon office following our hybrid working model of in‑office 3 days a week. There is no relocation assistance available for this role.
We are seeking a highly skilled and proactive Security & Observability Engineer to join our Cloud Operations Tools team. This role is integral in maintaining, optimizing, and managing our Observability and Security toolsets, with a strong focus on improving end‑to‑end visibility, enhancing system reliability, strengthening detection capabilities, and reducing MTTR. The ideal candidate will have deep hands‑on expertise with Observability platforms—especially Dynatrace—alongside SIEM tools, strong incident response capabilities, and a passion for automation and continuous improvement.
What you’ll do
Observability
Own and administer the enterprise Dynatrace environment including configuration, tuning, tagging, dashboards, alerting, and synthetic monitoring.
Develop and maintain service‑level dashboards, distributed tracing views, and health analytics to support SRE, DevOps, and app teams.
Optimize observability coverage across infrastructure, applications, APIs, and cloud platforms to reduce blind spots and improve MTTR.
Partner with application and operations teams to drive root‑cause analysis using Dynatrace insights and AIOps capabilities.
Ensure observability best practices around instrumentation, ingest pipelines, tagging standards, and anomaly detection models.
Strong understanding of
OpenTelemetry
architecture, including Traces, Metrics, and Logs.
Understanding of OTel's data model, context propagation, sampling, and exporters.
Security Monitoring & SIEM Operations
Manage and tune SIEM solutions such as Splunk to ensure effective threat detection.
Build and enhance detection rules, alerts, and dashboards.
Perform log source onboarding and parsing improvements.
Support SAP & LOB IR teams during security incidents.
Conduct triage, investigation, containment, eradication, and recovery activities.
Coordinate with internal and external stakeholders during and after incidents.
Administer and monitor endpoint security tools such as CrowdStrike and TrendMicro.
Review threat detections and drive remediation efforts.
Vulnerability Management
Support vulnerability management processes by correlating scanner output with asset context and threat intelligence.
Partner with IT and development teams to prioritize and remediate vulnerabilities.
Automation & Scripting
Build automation workflows using SOAR platforms or scripting (Python, PowerShell, Bash, etc.).
Streamline repetitive IR and security operations tasks.
Documentation & Reporting
Maintain accurate documentation for operations, procedures, configurations, and incident records.
Create regular reporting on security posture, observability health, and response metrics.
Collaborate with IT, DevOps, SRE, and Compliance teams.
Provide input into architecture, tool selection, observability strategy, and security initiatives.
Must have Qualifications
6+ years of experience in security operations, observability engineering, or incident response.
Expert‑level hands‑on experience with Dynatrace (required)—including configuration, dashboards, tagging, integrations, service flows, and alerting.
Strong expertise with SIEM platforms (especially Splunk).
Solid understanding of IR lifecycle and best practices.
Experience with endpoint protection platforms (CrowdStrike, TrendMicro, McAfee, etc.).
Familiarity with vulnerability scanning solutions (Tenable, Rapid7, Qualys).
Strong scripting and automation skills (Python, PowerShell, Bash).
Strong knowledge of Windows, Linux, and network security fundamentals.
Familiarity with cloud platforms (Azure, GCP, AWS) and associated security/monitoring tools.
Preferred Qualifications
Experience with SOAR tools (Splunk SOAR, Palo Alto XSOAR, etc.).
Security or Observability certifications such as Dynatrace Associate/Professional, GCIA, GCIH, CEH, CISSP, or Splunk certifications.
Experience with APM, RUM, or distributed tracing beyond Dynatrace (e.g., New Relic, AppDynamics, OpenTelemetry)
Compensation Range Transparency : SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step towards demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 148600 – 252600 USD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through this election process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance.
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, gender (including pregnancy, childbirth, etc.), sexual orientation, gender identity or expression, protected veteran status, or disability.
#J-18808-Ljbffr
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre provient d’une plateforme partenaire de TieTalent. Cliquez sur « Postuler maintenant » pour soumettre votre candidature directement sur leur site.